Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/RGPy-ZXtdC-BH3jao8zteTT01oA.roa
File:                     RGPy-ZXtdC-BH3jao8zteTT01oA.roa (raw, json)
Hash identifier:          pO/MR/dqOc7EQWAqOS7HMdPIzgNyOf/ptPW3aH40Opk=
Subject key identifier:   44:63:F2:F9:95:ED:74:2F:81:1F:78:DA:A3:CC:ED:79:34:F4:D6:80
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019ECBDC0476E1D4ECA8DD4D791D51832CFF
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/RGPy-ZXtdC-BH3jao8zteTT01oA.roa
Signing time:             Mon 15 Jun 2026 15:17:34 +0000
ROA not before:           Mon 15 Jun 2026 15:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142222
IP address blocks:        194.120.121.0/24 maxlen: 24
                          212.221.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 14:33:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:dc:04:76:e1:d4:ec:a8:dd:4d:79:1d:51:83:2c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jun 15 15:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4463f2f995ed742f811f78daa3cced7934f4d680
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:05:ef:d4:1f:54:c1:e3:f3:1e:4c:fe:aa:2f:
                    7e:0c:71:60:27:d0:62:f7:25:54:e1:0e:13:1d:a7:
                    72:10:16:52:36:70:d1:e8:ad:4b:d6:de:36:6f:a8:
                    59:9a:d1:cd:12:c4:3c:8c:35:ee:55:04:2c:23:01:
                    50:8f:14:62:cb:68:2e:ba:8c:60:93:95:bf:c0:9a:
                    36:09:1f:69:43:04:41:17:38:b3:00:ff:47:66:68:
                    93:83:6c:59:b0:e2:58:8d:1b:31:ce:ac:24:36:a5:
                    fb:09:e4:c7:e9:53:c9:6a:b1:ad:93:fc:32:34:67:
                    88:74:9d:c0:6f:d1:06:5f:25:57:b8:2a:33:fd:b0:
                    20:c7:68:aa:5b:7f:63:c7:0f:61:de:f5:fd:25:de:
                    a2:93:bc:4b:16:55:85:9f:af:9d:7a:fc:28:da:ed:
                    7e:60:14:1b:48:e2:c9:4c:9d:78:85:bf:0f:cf:12:
                    1a:71:6a:0c:06:4a:62:66:43:98:2f:cf:27:3f:a1:
                    c6:7f:4d:83:35:52:31:30:80:95:d7:d8:a7:f9:5d:
                    02:8d:83:01:bd:53:05:21:e1:a4:d4:e2:dd:38:b3:
                    d8:4b:c4:90:ed:eb:ed:7c:06:fd:23:a1:fa:b6:9d:
                    7b:02:5a:f5:0e:62:8f:00:df:20:e4:84:40:08:d0:
                    57:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:63:F2:F9:95:ED:74:2F:81:1F:78:DA:A3:CC:ED:79:34:F4:D6:80
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/RGPy-ZXtdC-BH3jao8zteTT01oA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.120.121.0/24
                  212.221.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d9:a6:93:87:d1:97:fc:de:e7:de:63:b3:f3:e0:fe:04:a1:e0:
         92:1a:5f:b1:f3:47:76:a1:65:20:12:c3:eb:05:1a:45:67:71:
         61:73:2c:89:19:3e:8b:56:cc:74:4b:48:ce:1f:58:60:09:a5:
         8b:27:f4:fe:1f:bf:4a:fc:be:1d:69:cc:49:62:77:7a:6f:67:
         c0:d5:fa:06:f9:52:27:50:f7:64:5d:08:fd:35:3d:1b:6a:9f:
         e1:16:28:7d:60:b5:99:a8:f8:f6:31:fb:f1:c6:3d:23:33:4f:
         14:69:3b:35:e3:2d:cb:eb:82:a5:6d:75:81:97:0d:4b:86:e3:
         a5:d7:8d:33:47:e0:89:0b:12:6b:11:0f:50:4f:e8:f2:88:27:
         4b:b5:cc:62:8a:f7:d3:8a:37:8b:4e:47:74:ab:7a:04:bd:31:
         c9:24:0f:d2:b6:86:e2:8a:40:e9:24:64:ea:d0:d0:d0:cd:f8:
         71:70:05:c7:14:57:c4:82:4e:18:a5:d3:10:50:19:b8:b4:23:
         a6:8b:c1:62:8e:1b:59:82:c9:93:bd:69:20:66:9d:29:b3:f2:
         02:06:b2:8e:dc:80:13:b4:89:51:48:b8:7c:d6:4d:2e:01:97:
         11:7b:a0:d0:e6:d0:f4:7a:b6:9f:51:de:fa:ef:cd:5a:45:59:
         7c:88:a4:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7L3AR24dTsqN1NeR1Rgyz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwNjE1MTUxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDYzZjJmOTk1ZWQ3NDJmODExZjc4ZGFhM2NjZWQ3OTM0ZjRkNjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgXv1B9UwePzHkz+qi9+DHFgJ9Bi
9yVU4Q4THadyEBZSNnDR6K1L1t42b6hZmtHNEsQ8jDXuVQQsIwFQjxRiy2guuoxg
k5W/wJo2CR9pQwRBFzizAP9HZmiTg2xZsOJYjRsxzqwkNqX7CeTH6VPJarGtk/wy
NGeIdJ3Ab9EGXyVXuCoz/bAgx2iqW39jxw9h3vX9Jd6ik7xLFlWFn6+devwo2u1+
YBQbSOLJTJ14hb8PzxIacWoMBkpiZkOYL88nP6HGf02DNVIxMICV19in+V0CjYMB
vVMFIeGk1OLdOLPYS8SQ7evtfAb9I6H6tp17Alr1DmKPAN8g5IRACNBXBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFERj8vmV7XQvgR942qPM7Xk09NaAMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvUkdQeS1aWHRkQy1CSDNqYW84enRlVFQwMW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwnh5AwQA
1N0aMA0GCSqGSIb3DQEBCwUAA4IBAQDZppOH0Zf83ufeY7Pz4P4EoeCSGl+x80d2
oWUgEsPrBRpFZ3FhcyyJGT6LVsx0S0jOH1hgCaWLJ/T+H79K/L4dacxJYnd6b2fA
1foG+VInUPdkXQj9NT0bap/hFih9YLWZqPj2Mfvxxj0jM08UaTs14y3L64KlbXWB
lw1LhuOl140zR+CJCxJrEQ9QT+jyiCdLtcxiivfTijeLTkd0q3oEvTHJJA/Stobi
ikDpJGTq0NDQzfhxcAXHFFfEgk4YpdMQUBm4tCOmi8FijhtZgsmTvWkgZp0ps/IC
BrKO3IATtIlRSLh81k0uAZcRe6DQ5tD0erafUd76781aRVl8iKRR
-----END CERTIFICATE-----